News & Resources

The Compliance and Enforcement Environment: Where Things Stand in the Autumn of 2016

Business Law Alert10/11/16 Joseph D. Masterson

Share this page:

Corporate compliance is under greater scrutiny and enforcement pressure than ever.

SEC Whistleblowers and Penalties (including Foreign Corrupt Practices Act Sanctions): In August 2016, SEC whistleblower awards topped $100 million, with six of the top ten awards in 2016. Whistleblower bounties are also awarded by the CFTC and the IRS, with whistleblower retaliation protections available from the SEC, OSHA and numerous other federal and state agencies. The SEC reported disgorgement and penalties of approximately $4.2 billion in fiscal 2015, with a record number of SEC stand-alone enforcement actions. The SEC implemented a new policy requiring admissions of wrongdoing from securities violators in certain cases. Enforcement remains a primary emphasis.

False Claims Act Recoveries: Over $3.5 billion in total qui tam and non qui tam recoveries in fiscal 2015 (with over $33 billion in the past 10 years, many in the healthcare and pharmaceutical industries). Whistleblowers (qui tam relators) collected about $600 million of that amount in 2015. The law allows for treble damages and penalties for each false claim. A whistleblower/relator can receive up to 30 percent of the amount recovered. The avid involvement of the plaintiffs' bar in such cases is reminiscent of the early days of securities class actions, and will only increase the number of these actions over time.

IRS Whistleblower Awards: The IRS reported to Congress for fiscal 2015 that it made more than $100 million in awards pursuant to its statutory whistleblower program created in 2006, with total awards now exceeding $400 million for assistance in recovering over $3 billion in tax revenue. This law has higher minimum bounties when recovered taxes, penalties and interest exceed $2 million (at least 15 percent) than the Dodd-Frank whistleblower bounty provisions (minimum of 10 percent), and a separate discretionary bounty program that applies when recoveries are smaller.

Dodd-Frank Act Whistleblower Incentives and Protections:

The Dodd-Frank Act and related rules of the SEC and CFTC provide for mandatory bounties of 10 percent to 30 percent to qualifying whistleblowers for violations subject to the jurisdiction of the Securities and Exchange Commission and the Commodities Futures Trading Commission. The statute also includes anti-retaliation protections provided to whistleblowers. Note that even compliance officers and others responsible for the internal compliance program can sometimes qualify for whistleblower bounties. In its 2015 report to Congress the SEC said that it received nearly 4,000 whistleblower tips that year (a 30 percent increase since fiscal 2012) and 120 whistleblower award claims. The SEC also issued a whistleblower award in connection with its first successful anti-retaliation enforcement action under the Dodd-Frank Act. Violations potentially subject to whistleblower bounties include (among others):

Bribery of foreign officials.

Unregistered, non-exempt offers or sales of securities.

Insider trading violations (aggressive SEC program).

False or misleading disclosures in connection with securities transactions.

False or misleading SEC filings or financial statements.

Theft or misappropriation of investor funds or securities.

Fraud in connection with pension plans or municipal securities.

Plaintiffs' Attorneys Are Seeking Clients and Advocating for Big Penalties

Law firms already specializing in securities class action claims or qui tam suits are actively advertising their services to assist in whistleblower claims. Just Google the word "whistleblowers" for a sample, including firms that are "local" to many of our clients. A single violation has the potential to lead to multiple recoveries for these lawyers: For example, improper overbilling of the government can both (a) violate the False Claims Act and (b) result in inaccurate financial statements and other disclosures or omissions in violation of the federal securities laws (permitting a whistleblower bounty under the Dodd-Frank Act), and (c) any recoveries under either (a) or (b) also may support a shareholder securities class action. A violation of the FCPA can similarly result in multiple claims. The possibility that errors or misstatements in financial information can lead to "clawbacks" of executive compensation (required by Sarbanes-Oxley and Dodd-Frank) will only increase potential claims and management conflicts of interest, which may or may not fit within the whistleblower bounty provisions.

The Importance of a Culture of Compliance

It is always a good time to remind managers and employees that attentive and good faith compliance with applicable law and with the company's compliance plan and code of conduct, including internal reporting of evidence of potential violations by others, is an integral part of every corporate function against which managers and employees are evaluated and rewarded. The very best defense against serious allegations of misconduct, whether the allegations are made by whistleblowers, by government investigators, or by shareholders or other third parties, is a culture of compliance and ethical conduct, backed by policies and procedures that are effectively designed to detect and prevent misconduct. A good written policy is of little value if actual practice doesn’t back it up, as recent allegations in the news illustrate. Even a single lapse can have lasting adverse consequences, both in terms of monetary sanctions or damages and injury to a company's reputation for ethics and integrity.

The Urgency of Appropriate Action

If a potentially serious problem arises, prompt and appropriate action will be critical to avoiding or minimizing any injury to the company and to its constituencies (directors, officers, employees, customers, lenders, suppliers, etc.). A prompt and effective investigation and response to any violations are critical under the federal sentencing guidelines, ideally before enforcement authorities become involved. Whistleblower disclosures to the government or leaks to the press may occur at any time (or may already have occurred), and public companies may have prompt public disclosure obligations of their own depending upon the relevant facts, including whether the company or insiders may be engaged in ongoing sales of securities or may be making public statements about earnings or other material developments. There will be no time to lose in determining the facts and implementing a complete and appropriate response plan.

Actions to Take Now

Companies that may be subject to whistleblower complaints should take the following actions before a problem arises:

Review internal compliance and reporting programs and related policies, with annual employee certifications of reporting regarding violations of law or the code of conduct. An effective program should include clear guidelines, policies that are effective to detect and prevent misconduct, uniform enforcement, and employee education and training. Train managers to identify and provide special attention to those employee or third party reports or complaints that raise compliance concerns. Strengthen initiatives that encourage and reward employees who report potential securities violations in good faith through in-house reporting mechanisms, but be careful not to obstruct reports to enforcement authorities (e.g., through codes of conduct or confidentiality agreements). Adopt a robust exit interview process with departing employees and include questions regarding compliance concerns.

Review and consider the adequacy of D&O insurance, including coverage for costs incurred in responding to governmental investigations or conducting internal investigations in response to governmental inquiries or whistleblower complaints. Such coverage is becoming common in D&O policies, but you need to look for it and negotiate to get it. Consider getting independent advice to help with this negotiation. Large deductibles often apply to these costs.

Review, refine if necessary and publicize your anti-retaliation policies as they relate to whistleblowers. More than ever before, it is important that everyone know the rules.

Evaluate internal investigations protocols and procedures, including involvement by the board if appropriate. Be prepared to act quickly and appropriately to preserve records, determine the facts, take remedial action and decide whether to self-report to the government any problems that may be uncovered. If potential conflicts of interest for directors or senior managers are foreseeable (e.g., if the allegations are true, could they lead to a restatement of the financials or otherwise lead to a compensation clawback?), consider whether outside lawyers should assist in the investigation. Also be prepared with public communications protocols as appropriate.